Apple’s Fix for Bluetooth Vulnerability Exploited in Magic Keyboard for Monitoring Bluetooth Traffic
Apple has taken decisive action to address a recently exposed vulnerability in Bluetooth keyboards with the release of Magic Keyboard Firmware Update 2.0.6. The vulnerability, tracked as CVE-2024-0230, revolves around a session management issue that could be exploited by an attacker with physical access to the accessory, enabling them to extract the Bluetooth pairing key and monitor Bluetooth traffic.
In response to this security concern, Apple has implemented enhanced checks in the firmware update to mitigate the risk associated with the flaw. The company’s advisory explicitly states, “An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.”
See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses
Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.
The discovery of this vulnerability is credited to Marc Newlin of SkySafe, who identified a session management issue that, when exploited, allows an attacker in close proximity to inject keystrokes into a susceptible device. This could potentially lead to actions such as installing apps, executing arbitrary commands, forwarding messages, and more.
The exploitation method involves tricking the Bluetooth host state-machine into pairing with a fake keyboard without user confirmation. The vulnerability affects various devices under specific conditions: Android devices are vulnerable whenever Bluetooth is enabled; Linux/BlueZ is susceptible when Bluetooth is discoverable/connectable; and iOS and macOS devices are at risk when Bluetooth is enabled, and a Magic Keyboard has been paired with the phone or computer.
The Magic Keyboard Firmware Update 2.0.6 is applicable to various Magic Keyboard models, including Magic Keyboard, Magic Keyboard (2021), Magic Keyboard with Numeric Keypad, Magic Keyboard with Touch ID, and Magic Keyboard with Touch ID and Numeric Keypad.
Notably, the researcher points out that the Lockdown Mode does not provide immunity against attacks exploiting this particular flaw. It remains uncertain whether the vulnerability has been exploited in real-world attacks. Apple’s proactive approach in releasing the firmware update underscores its commitment to swiftly addressing potential security risks and ensuring the protection of its users. Users are strongly encouraged to apply the update to fortify their devices against potential Bluetooth keyboard injection vulnerabilities.
Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?
If you want to express your idea in an article contact us here for a quote: [email protected]
Source: securityaffairs.com
Recent News
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
